SHA256: 57f93e599e402e54d68db795f52134c9476b3a3845e9a992ed1c0e4b10608639
File name: libmysql.dll
Detection ratio: 0 / 66
Analysis date: 2017-11-04 00:16:39 UTC ( 1 month, 1 week ago )
Antivirus Result Update
Ad-Aware 20171103
AegisLab 20171103
AhnLab-V3 20171103
Alibaba 20170911
ALYac 20171104
Antiy-AVL 20171103
Arcabit 20171104
Avast 20171103
Avast-Mobile 20171103
AVG 20171103
Avira (no cloud) 20171103
AVware 20171104
Baidu 20171103
BitDefender 20171103
Bkav 20171102
CAT-QuickHeal 20171103
ClamAV 20171103
CMC 20171103
Comodo 20171103
CrowdStrike Falcon (ML) 20171016
Cybereason 20171030
Cylance 20171104
Cyren 20171104
DrWeb 20171103
eGambit 20171104
Emsisoft 20171103
Endgame 20171024
ESET-NOD32 20171104
F-Prot 20171103
F-Secure 20171103
Fortinet 20171103
GData 20171103
Ikarus 20171103
Sophos ML 20170914
Jiangmin 20171103
K7AntiVirus 20171103
K7GW 20171103
Kaspersky 20171103
Kingsoft 20171104
Malwarebytes 20171103
MAX 20171103
McAfee 20171031
McAfee-GW-Edition 20171103
Microsoft 20171103
eScan 20171103
NANO-Antivirus 20171103
nProtect 20171103
Palo Alto Networks (Known Signatures) 20171104
Panda 20171103
Qihoo-360 20171104
Rising 20171104
SentinelOne (Static ML) 20171019
Sophos AV 20171103
SUPERAntiSpyware 20171103
Symantec 20171103
Symantec Mobile Insight 20171103
Tencent 20171104
TheHacker 20171102
TotalDefense 20171103
TrendMicro 20171104
TrendMicro-HouseCall 20171104
Trustlook 20171104
VBA32 20171103
VIPRE 20171104
ViRobot 20171103
Webroot 20171104
WhiteArmor 20171024
Yandex 20171102
ZoneAlarm by Check Point 20171103
Zoner 20171103
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-10-22 02:24:23
Entry Point 0x0004EFF4
Number of sections 4
PE sections
PE imports
CryptReleaseContext
RegCloseKey
CryptAcquireContextA
CryptGenRandom
RegEnumValueA
RegOpenKeyExA
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
OpenFileMappingA
GetFileInformationByHandle
GetLocaleInfoW
SetStdHandle
WideCharToMultiByte
GetStringTypeA
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetFullPathNameA
SetEvent
InitializeCriticalSection
FindClose
TlsGetValue
SetLastError
PeekNamedPipe
HeapAlloc
GetVersionExA
GetModuleFileNameA
RaiseException
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
MultiByteToWideChar
GetModuleHandleA
CreateSemaphoreA
SetEnvironmentVariableW
SetNamedPipeHandleState
GetSystemDirectoryA
SetEnvironmentVariableA
TerminateProcess
VirtualQuery
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
HeapFree
EnterCriticalSection
SetHandleCount
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryA
GetCPInfo
GetProcAddress
CompareStringW
FreeEnvironmentStringsW
FindFirstFileA
WaitNamedPipeA
CompareStringA
FindNextFileA
IsValidLocale
WaitForMultipleObjects
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
InterlockedIncrement
GetLastError
LCMapStringW
UnmapViewOfFile
GetSystemInfo
LCMapStringA
GetEnvironmentStringsW
FileTimeToLocalFileTime
GetEnvironmentStrings
GetCurrentProcessId
GetCurrentDirectoryA
HeapSize
GetCommandLineA
QueryPerformanceFrequency
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
IsValidCodePage
HeapCreate
VirtualFree
Sleep
GetFileAttributesExA
OpenEventA
VirtualAlloc
connect
setsockopt
htons
socket
__WSAFDIsSet
recv
inet_addr
send
WSACleanup
WSAStartup
gethostbyname
ntohs
WSAGetLastError
shutdown
getpeername
ioctlsocket
closesocket
inet_ntoa
select
getservbyname
PE exports
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2006:10:22 03:24:23+01:00
FileType Win32 DLL
PEType PE32
CodeSize 380928
LinkerVersion 7.1
FileTypeExtension dll
InitializedDataSize 1146880
SubsystemVersion 4.0
EntryPoint 0x4eff4
OSVersion 4.0
ImageVersion 6.0
UninitializedDataSize 0

Execution parents
PE resource-wise parents
Compressed bundles
PCAP parents
File identification
MD5 01a2117f1bddf31fefd5274a196e6866
SHA1 e7e805ddd48a11a93b71a8fc6ac6a60e236d3c39
SHA256 57f93e599e402e54d68db795f52134c9476b3a3845e9a992ed1c0e4b10608639
ssdeep 24576:evH9jbRruxQuNI9T+PG7flTfU8K/URNGaSfP2p:eGxziT+u7fFjYURJ6Ps
authentihash b1fbf079ab87bc0cd53a040c694179707a6ecf911c0db1bb2e373e6e8a410243
imphash 98b092305c20355da98595f7565b61c5
File size 1.4 MB ( 1519616 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags pedll via-tor

VirusTotal metadata
First submission 2009-02-26 02:59:26 UTC ( 8 years, 9 months ago )
Last submission 2017-11-04 00:16:39 UTC ( 1 month, 1 week ago )
File names al_upload_57f93e599e402e54d68db795f52134c9476b3a3845e9a992ed1c0e4b10608639
sbs_ve_ambr_20150311182756.297_ 121
sbs_ve_ambr_20150413032946.559_ 2090
sbs_ve_ambr_20150105163823.798_ 68
sbs_ve_ambr_20150105163830.567_ 218
sbs_ve_ambr_20150209175402.569_ 2254
sbs_ve_ambr_20141005194841.393_ 283
sbs_ve_ambr_20150317044316.334_ 95
libmySQL.dll
dunptty.gif
sbs_ve_ambr_20150209175354.566_ 2090
sbs_ve_ambr_20141008200112.118_ 7128
sqzin.txt
sbs_ve_ambr_20150311182804.300_ 286
sbs_ve_ambr_20141005194833.609_ 133
libmySQL.dll11
libmysql.so
libmysql.dll
sbs_ve_ambr_20140917155237.140_ 6835
57f93e599e402e54d68db795f52134c9476b3a3845e9a992ed1c0e4b10608639
sbs_ve_ambr_20150405213159.686_ 95
sbs_ve_ambr_20150401000023.163_ 95
sbs_ve_ambr_20141020132021.422_ 7390
sbs_ve_ambr_20140906191014.608_ 94
sbs_ve_ambr_20141003161351.750_ 106
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight